Hi blocking the ip alone will not help you we encountered a situation recently.
refer my post we dealt with it effectivly UCM Weblogin loop
The reason this happened was the 3rd party IT compnay that manages the firewall did not have any specific rules to prevent and attack like this to the UCM . I will use the term router and firewall interchangably
Blocking the one ip is futile has you can see form my post ip address changes in seconds.
you need access to your ucm and settig a up VPN can also be a bit diffcult in terms of equipment and worse if a 3rd party IT compnay manages the network.
so the Question is what do you block and what do you allow and how do you do this to allow yourself and your provider to be able to gain access to your UCM.
This is the only practical logical method I know of and have used if anyone has a better workable solution pleasse share or improve my answer.
You have portforwading set on your edge router to <internal_IP_UCM:8089> you need to get access to this device form your dynamic Ip ( if you gain access always form a fixed ip you can create and even stricter rule ) but I will presume you get a dynamic iP form your isp.
simply block all interantional IP or if you choose all Ip on your edge router depending on what router you use ther may be different ways to do this we use Sophos and or Mikrotiks and its very simple , if you find that difficult you can deny all Ip on the incoming interface ( wan interface) traffic is coming in to you form the wan you blocking inbound connections. and explcitly allow your provider Ip range and all of the possible isp you may use to connect from.
Then ensure your Fail 2 ban on the UCM is correctly set up and tweak the settings in terms of ban duration make sure to enable Asterisk Service or the fail to ban will not work.
Dealing with these kind of stupid things has become a regular exercise and since web servers are made to accessed by legitamite users you cannot run or complicate your admistative tasks, from the over 300 ucms we adminster the fail to ban always worked flawlessly with the increase in these types of siily attacks the above setting I explained on the router /firewall will give you good protection.
hope this helps